HPSIM Trust Relationship doesn't work after Initial PSP

 
Darrek Kay
Occasional Advisor

HPSIM Trust Relationship doesn't work after Initial PSP

When I configure my 7.00A Proliant Support Pack with the CMS certificate and deploy it, the certificate is installed in the managed server but does not work properly. I still have to log on interactively and re-import the certificate via "Get Cert" before it allows single sign-on to function.
What am I doing wrong? Or is this another known issue?
Rob Buxton
Honored Contributor

Re: HPSIM Trust Relationship doesn't work after Initial PSP

On the PSP, have you configured the items to include the Certificate?

I had to manually cut and paste the Certificate into the PSP.
From the VCRM, go to catalog and then Configure a Component.
Select a component and check the Overwrite existing HP Web Based security. Configure passwords and add the certificate.

Now, whenever this PSP is deployed, it will overwrite the Security with what's in the PSP. I only do this for one of the configurable items. This gives me a central point to make any changes.
Darrek Kay
Occasional Advisor

Re: HPSIM Trust Relationship doesn't work after Initial PSP

Yes. I used Get Cert from within the VCR setup in order to obtain the base64 version of the server certificate. I then copied the certificate into the other browser window in the PSP configuration window.
Rob Buxton
Honored Contributor

Re: HPSIM Trust Relationship doesn't work after Initial PSP

So, the PSP is set up to overwrite the existing agent details.
There's a check box in the PSP Setup.

I'm not sure if it's relevant, but do you have a Read/Write Community string common between the IM Server and the Server with the Agents?

In brief, this is not a "known issue"; it works fine here. The VCRM / Agent Deployment hasn't changed in HPSIM, nor has the Trust Mechanism.
Darrek Kay
Occasional Advisor

Re: HPSIM Trust Relationship doesn't work after Initial PSP

Yes, I've checked the box.

The certificate is getting installed on the managed client, but it is not recognized for single sign-on.

I don't understand how SNMP community names would have any impact at this point. This is the "Initial" PSP deployment.

-DK
Rob Buxton
Honored Contributor

Re: HPSIM Trust Relationship doesn't work after Initial PSP

Darrek,
So, just re-importing the certificate fixes the problem?

When you initially deploy the PSP to the Agent, the Cert shows up under the list of Servers?

When you re-import, does the name under the Trusted Certificates list change, e.g. FQDN or just the name?

Also, on the config of the PSP, are you Overwriting settings on all the components or just one? I only set one to Overwrite. It may be the last setting doesn't have a certificate.

I'm guessing a bit, as you've guessed, because I've not seen the problem.
Darrek Kay
Occasional Advisor

Re: HPSIM Trust Relationship doesn't work after Initial PSP

Darrek,
Just re-importing the certificate via the managed server's HTTP agent fixes the problem.

I'll look in the trusted root certs list after installing on my next managed server. (See my other post from today...)

I'll also have to see if the server name changes in the process. I _am_ using a DNS alias to access the CMS. I recreated the CMS server cert with the DNS alias so I can keep reusing the same cert if my production server becomes obsolete and needs to be migrated to a new box.
Again, after importing the cert directly from the client everything works as it should.

I am overwriting settings on the PSP components. There is only the one checkbox.

I'm also shooting in the dark. I'm new to the toolset and am trying to document the correct method of installing it on a small set of devl servers before blasting into my 100 production servers.
-DK
Rob Buxton
Honored Contributor

Re: HPSIM Trust Relationship doesn't work after Initial PSP

As regards configuring the PSP Components:
Highlight the Foundation Agents, and then check that it has the Overwrite Box ticked, which I believe you've done.

Then highlight the Version Control Agent and switch tabs to the Management HTTP Server; I leave that to not Overwrite. The same for the Survey Utility, which is the last to install.
You can obviously select which component you want to update the settings. I've always wondered why all three components can overwrite the settings.
Darrek Kay
Occasional Advisor

Re: HPSIM Trust Relationship doesn't work after Initial PSP

Please clarify...

When I select Deploy, Initial PSP I only get one Configure button on Step 4 after selecting the v7.00A PSP in Step 3.

Should I be configuring in a different place?
-DK
Rob Buxton
Honored Contributor
Solution

Re: HPSIM Trust Relationship doesn't work after Initial PSP

I've not deployed PSPs using the new procedure. I've always configured the components and then deployed them.

You can check this from either the VCRM or directly on the PSP.
From the directory that the PSP was unpacked in, run setup.exe. This will run up the Remote Deployment Utility. Takes a minute or two. In the left-hand column, expand All Configurable Components; here you can Right Click and configure with Account / Password details as well as the Certificate details.

There are three components that can be configured.
If you have the VCRM, go to the main VCRM Page, go to the Catalog Tab and then select Configure Components.

This is the old mechanism that CIM 7 used to update Agent Settings. It may be that this is all superseded by the new Initial Deployment mechanism.
You can use the RDU to push the Softpaq to any target Server. You could do that and test against the results from the Initial Deployment mechanism and see if there's a difference in results.
Darrek Kay
Occasional Advisor

Re: HPSIM Trust Relationship doesn't work after Initial PSP

That was it. I just needed to "pre-configure" the HPIM Agents in the VCRM.

Thanks!

-Darrek